There was a lot of important information security news coming out of the industry during the month of September, including the Equifax breach, North Korean cryptocurrency targeting, and more. Here are just a few of the news highlights from last month that we think you need to know about. Leave your thoughts on these, and other information security news stories, in the comments section.

• Deloitte [https://www.theguardian.com/business/2017/sep/25/deloil hit-by-cyber-attack-revealing-clients-secret-emails], one of the world's "Big Four" accounting firms, was the victim of a sophisticated hack that allowed hackers to access confidential emails and data on some of their blue-chip clients. Hackers were able to access the global email server through an administrator's account that gave them unrestricted access. The account only asked for one password.

This is another example of why two-factor authentication [https://frsecure.com/blog/what-authentication-means-in-information-security/] should be required by all organizations.

• The Securities and Exchange Commission [https://www.washingtonpost.com/amphtml/news/business reveals-it-was-hacked-information-may-have-been-used-for-illegal-stock-trades/] revealed that it was hacked. Confidential documents that had been filed by publicly traded companies were compromised in the hack. This information could have been used to make illegal trades on the market. An investigation into the matter is ongoing.

• Popular social media site Instagram was hacked [https://www.bankinfosecurity.com/instagram-warns-hack-more-widespread-than-expected-a-10256?rf=2017-09-
dark web.

• Do you have a credit report? [https://www.consumer.gov/articles/1009-your-credit-history] If you answered yes, there's a good chance that you're among the 143 million American consumers whose personal information was exposed in the breach at Equifax. [https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do]

• The hack ran from mid-May until the breach was discovered on July 29th. [https://www.databreachtoday.com/equifax-breach-exposed-data-143-million-consumers-a-10275] This was a long enough time period for hackers to accrue millions of names, Social Security numbers, birth dates, addresses, driver's license numbers, basically everything you would need to impersonate someone.

• Equifax's response to the breach was...less than adequate, as was reported by many news outlets. [https://www.cnbc.com/2017/09/08/equifax-response-to-data-breach-leaves-many-consumers-confused.html] There were many, many things that they could have done differently once the breach was discovered. [https://frsecure.com/blog/expert-take-on-equifax-breach/]

• In the end, people were let go [https://frsecure.com/blog/what-makes-a-good-chief-security-officer/], Equifax apologized profusely [https://www.wsj.com/articles/on-behalf-of-equifax-im-sorry-1506547253], lawsuits were filed [http://money.cnn.com/2017/09/19/technology/equifax-legal-issues/index.html], and Congressional hearings took place [https://www.wired.com/story/equifax-ceo-congress-testimony/].

• The silver lining, if there is any, is that this massive breach served as a wake-up call for many businesses [http://www.insidecounsel.com/2017/09/26/the-equifax-breach-wake-up-call-for-businesses] and reinforced what we have been saying here at FRSecure. [https://frsecure.com/blog/10-security-principles-live-or-die-by/]

World News 

• The government of North Korea [https://www.bankinfosecurity.com/report-north-korea-seeks-bitcoins-to-bypass-sanctions-a-10293?rf=2017-09-
has turned to Bitcoin to fund its regime. North Korean agents have focused efforts on Bitcoin exchange heists and cryptocurrency mining in order to secure funds to fuel the government. As United Nations sanctions limit sources of income for North Korea, Bitcoin and other cryptocurrencies have become a way for the government to fill their pockets.

• The Department of Homeland Security ordered federal agencies and departments to remove software sold by the Russia-based IT firm Kaspersky Lab [https://www.cbsnews.com/news/dhs-bans-kaspersky-lab-software-citing-ties-to-russian-government/]. DHS cited the cybersecurity company's ties to the Russian government as rationale for the decision.

Policy/Legal News

• The National Cybersecurity Center of Excellence at the National Institute of Standards and Technology
on-mitigating-ransomware-threats/article/687317/] to help organizations that have been affected by a ransomware attack. The guide is designed to help organizations recover data, facilitate smooth recovery in the event of a compromise, and manage risk. If all the recent breaches have taught us anything, it is that no organization, no matter how big or small, should be without a Disaster Recovery Plan. [https://frsecure.com/blog/organization-big-enough-need-disaster-recovery-plan/]

• The Senate of the state of Massachusetts has established a special committee on cybersecurity [https://www.natlawreview.com/article/massachusetts-lawmakers-turn-attention-to-cybersecurity] as focus grows on improving cybersecurity policies. The Senate approved the creation of a special committee to review and improve upon the state's existing cybersecurity policies. Several bills focused on cybersecurity are pending in the state legislature.

• The Department of Homeland Security published a new rule in the Federal Register [https://www.federalregister.gov/documents/2017/09/18/2C 19365/privacy-act-of-1974-system-of-records], saying it wants to include social media data as part of immigration files. The new requirement is set to take effect on October 18th. Proponents of the policy [https://www.buzzfeed.com/adolfoflores/people-are-worried-about-dhs-plans-to-gather-social-media] say that studying immigrants' social media behavior could help identify possible radicals and prevent an attack on American soil, while detractors claim the rule infringes on free speech rights and is just plain ineffective.

That is all for the Information Security News Recap for the month of September. Want to get more information security news? Check out FRSecure's Twitter feed [https://twitter.com/FRSecure] for updates on what's going on in the world of information security.

[https://www.linkedin.com/in/stevemarsden01/]

Steve Marsden 

[https://frsecure.com/blog/author/steve-marsden/] 


Senior Sales Consultant at FRSecure LLC 
[https://frsecure.com/]

Steve is a professional sales representative of nearly 28 years who officially joined FRSecure in January 2012 as employee number three. Steve strives to serve every customer as if they were the only one, aiming for 100% customer satisfaction. An avid news junkie, in his spare time Steve likes to catch up on current events, visit some Minnesota lakes, go boating, and hide in his hammock with a good book.


OCTOBER 13, 2017 1 COMMENT BY STEVE MARSDEN

James

October 17, 2017 at 1:57 pm 

Wow. Clearly we have not figured out how to 
protect our organizations. The information 
security industry is broken. Who will fix it? 

Reply 
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